package com.finalist.plugin.pay99billRMB.key;

import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.apache.log4j.Logger;

public class Pkipair {
	
	private static Logger log  = Logger.getLogger(Pkipair.class);
	private static final String KEY_PASS = "fengke";
//	private static final String KEY_PASS = "LS9LYNJT1DI2TVAO";
	private static final String ENCODE_KEY_PATH = "/99bill-private-rsa.pfx";
	private static final String ENCODE_KEY_NAME = "test-alias";
	private static Signature ENCODE_SIG = null;
	
	private static final String DECODE_KEY_PATH = "/99bill.cert.rsa.cer";
	private static Signature DECODE_SIG = null;
	
	static {
		try {
			KeyStore keyStore = KeyStore.getInstance("PKCS12");
			// 读取密钥仓库（相对路径）
//			String file = Pkipair.class.getClassLoader().getResource(ENCODE_KEY_PATH).getPath().replaceAll("%20", " ");
//			FileInputStream fis = new FileInputStream(file);
			
			InputStream inputstream = Pkipair.class.getClassLoader().getResourceAsStream(ENCODE_KEY_PATH);
			BufferedInputStream buffer = new BufferedInputStream(inputstream);

			char[] keyPass = KEY_PASS.toCharArray();
			keyStore.load(buffer, keyPass);
			
			// 从密钥仓库得到私钥
			PrivateKey privateKey = (PrivateKey) keyStore.getKey(ENCODE_KEY_NAME, keyPass);
			ENCODE_SIG = Signature.getInstance("SHA1withRSA");
			ENCODE_SIG.initSign(privateKey);
			
//			file = Pkipair.class.getClassLoader().getResource(DECODE_KEY_PATH).toURI().getPath();
//			fis = new FileInputStream(file);
			
			InputStream inputstream2 = Pkipair.class.getClassLoader().getResourceAsStream(DECODE_KEY_PATH);

			CertificateFactory cf = CertificateFactory.getInstance("X.509");
			X509Certificate cert = (X509Certificate) cf.generateCertificate(inputstream2);
			PublicKey pk = cert.getPublicKey();

			DECODE_SIG = Signature.getInstance("SHA1withRSA");
			DECODE_SIG.initVerify(pk);
		} catch (Exception e) {
			throw new RuntimeException(e);
		}
	}
	
	public static String signMsg(String msg) {
		String base64 = "";
		try {
			ENCODE_SIG.update(msg.getBytes("utf-8"));
			sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
			base64 = encoder.encode(ENCODE_SIG.sign());
		} catch (Exception e) {
			e.printStackTrace();
		}
		log.info("signMsg========" + base64);
		return base64;
	}
	
	public static boolean validateMsg(String msg, String signedMsg) {
		try {
			DECODE_SIG.update(msg.getBytes());
			sun.misc.BASE64Decoder decoder = new sun.misc.BASE64Decoder();
			log.info("validateMsg msg===" + msg);
			log.info("validateMsg signedMsg===" + signedMsg);
			return DECODE_SIG.verify(decoder.decodeBuffer(signedMsg));
		} catch(Exception e) {
			e.printStackTrace();
		}
		
		return false;
	}

	public static void main(String[] args) {
		String signMsg1 = signMsg("aaa");
		String signMsg2 = signMsg("aaa");
		System.out.println("signMsg(aaa)==" + signMsg1);
		System.out.println("signMsg(aaa)==" + signMsg2);
		
		System.out.println("validateMsg(aaa)==" + validateMsg("aaa", signMsg1));
		System.out.println("validateMsg(aaa)==" + validateMsg("aaa", signMsg2));
	}
}
